Release 4.0.16

What's New

Entity name change for CRDs

When a NetScaler Custom Resource Definition (CRD) instance is created, the NetScaler Ingress Controller generates multiple NetScaler entities associated with that CRD instance. The NetScaler Ingress Controller maintains unique names for each entity to preserve its association with the CRD instance. Since entity naming is based directly on CRD names, some NetScaler entity names exceeded the maximum character limit.

Starting with NetScaler Ingress Controller 4.0.16, the naming convention is optimized by using the following approach to generate shorter entity names during CRD creation:

• Hashed naming: A portion of the entity name is hashed to reduce the overall length
• Preserved information: The necessary Kubernetes related metadata is retained in the entity’s comment field, if the entity comment is supported by NetScaler
• Improved compatibility: Names comply with NetScaler character restrictions while maintaining full traceability
  For more information, see https://docs.netscaler.com/en-us/netscaler-k8s-ingress-controller/entity-name-change-for-crds.

GSLB controller improvements

GSLB controller is enhanced to include the following improvements:

• Added support for GSE auto-creation for all Ingress resource types, including TCP, UDP, SSL, and others.
• GslbConfigSyncMonitor is now enabled by default on the master GSLB node to improve GSLB site monitoring efficiency.
  For more information, see https://docs.netscaler.com/en-us/netscaler-k8s-ingress-controller/gslb/gslb .

ServicetypeLB: Event modification for smart annotations

Starting with NetScaler Ingress Controller release 4.0.16, if you modify any of the following annotations in ServiceTypeLB, the NetScaler Ingress Controller modifies the configuration rather than deleting and recreating it in NetScaler.

"service.citrix.com/lbvserver",
"service.citrix.com/csvserver",
"service.citrix.com/servicegroup",
"service.citrix.com/monitor",
"service.citrix.com/analyticsprofile",
"service.citrix.com/insecure-redirect",
"service.citrix.com/secret",
"service.citrix.com/preconfigured-certkey",
"service.citrix.com/ca-secret",
"service.citrix.com/preconfigured-ca-certkey",
"service.citrix.com/backend-secret",
"service.citrix.com/preconfigured-backend-certkey",
"service.citrix.com/backend-ca-secret",
"service.citrix.com/preconfigured-backend-ca-certkey"
'service.citrix.com/ssl-termination-',
'service.citrix.com/frontend-tcpprofile-',
'service.citrix.com/backend-tcpprofile-',
'service.citrix.com/frontend-httpprofile-',
'service.citrix.com/backend-httpprofile-',
'service.citrix.com/frontend-sslprofile-',
'service.citrix.com/backend-sslprofile-'

SSL passthrough support for NetScaler multi-cluster ingress deployment

SSL passthrough feature allows you to pass incoming secure sockets layer (SSL) requests directly to a server for decryption, rather than decrypting the request using a load balancer. SSL passthrough is widely used for web application security, and it uses the TCP mode to pass encrypted data to servers.

Starting with NetScaler Ingress Controller 4.0.16, the SSL passthrough feature is supported for NetScaler multi-cluster ingress deployment. For more information, see https://docs.netscaler.com/en-us/netscaler-k8s-ingress-controller/configure/ssl-passthrough-multicluster.